[16:31] <tyhicks> The meeting agenda can be found at:
[16:31] <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
[16:31] <tyhicks> no announcements today
[16:31] <tyhicks> [TOPIC] Weekly stand-up report
[16:31] <tyhicks> jdstrand: you're up
[16:32] <jdstrand> short week this week (off Friday)
[16:32] <jdstrand> mostly caught up on snappy reviews. After driving them to 0 by eod on Friday, now have 3 followup reviews that came in today
[16:32] <jdstrand> I plan to get back to seccomp arg filtering policy this week
[16:32] <jdstrand> I'll move the miscellaneous review tools updates card if I have time
[16:33] <jdstrand> that's it from me. mdeslaur, you're up
[16:33] <mdeslaur> I'm in the happy place
[16:33] <mdeslaur> currently working on openssl updates
[16:33] <mdeslaur> have a bunch of pending updates to test and publish
[16:33] <mdeslaur> that's it from me, sbeattie?
[16:33] <sbeattie> I'm on community this week.
[16:34] <sbeattie> I'll have kernel USNs to publish this week
[16:34] <sbeattie> I need to finish testing the openssh update I was working.
[16:35] <sbeattie> And then I'll poke at the list of outstanding issues
[16:35] <sbeattie> That's it for me. tyhicks?
[16:35] <tyhicks> I'm on bug triage this week
[16:35] <tyhicks> cve triage last week kept me from making much progress on work items
[16:36] <tyhicks> I need to submit my second revision of seccomp patches to lkml
[16:36] <tyhicks> workaround an apparmor utils bug that is keeping me from uploading apparmor 2.11 to zesty
[16:37] <tyhicks> I have 2 embargoed issues
[16:37] <tyhicks> that's it for me
[16:37] <tyhicks> jjohansen: you're up
[16:38] <jjohansen> I need to finish up with my end of the dconf work
[16:38] <jjohansen> I have some patches to send up to the kt
[16:39] <jjohansen> a reply to tetsuo to finish up and send out to lkml
[16:39] <jjohansen> and I really need to finish looking at casey's latest round of stacking patches
[16:40] <jjohansen> then if time more of the upstreaming work, plan is securityfs bits, that I didn't get to last week
[16:41] <jjohansen> that's it for me, sarnold you're up
[16:41] <sarnold> I'm on cve triage this week, working on MIRs in the remaining time
[16:42] <sarnold> I expect to finish the apache mellon module mir today or tomorrow depending upon how busy MITRE's been, so it would be nice to have a new top priority soon
[16:42] <sarnold> that's it for me, chrisccoulson?
[16:42] <chrisccoulson> I've got an oxide update to do this week, and I expect to have chromium to sponsor as well
[16:43] <chrisccoulson> Hopefully no other updates - thanks to a Firefox respin I ended up having to test that twice last week
[16:43] <chrisccoulson> I've got a Firefox regression to fix, but that shouldn't take much time
[16:44] <chrisccoulson> Other than that, I'm finishing off tests for work I did in oxide last week, then I plan to move on to bug 1637195 which should mostly be a copy / paste job from webbrowser-app
[16:44] <ubottu> bug 1637195 in Oxide "Add JS dialogs to UbuntuWebView" [Undecided,New] https://launchpad.net/bugs/1637195
[16:45] <chrisccoulson> And I need to make some changes to my firefox menubar patch and send that upstream, although there's currently nobody assigned to review that anyway
[16:45] <chrisccoulson> That's me done
[16:45] <ratliff> I'm in the happy place this week
[16:45] <ratliff> I have a few more updates for Snappy 15.04 to process
[16:46] <ratliff> Then I will work some on the notification process
[16:46] <ratliff> that's it for me this week
[16:46] <ratliff> back to you tyhicks
[16:47] <tyhicks> [TOPIC] Highlighted packages
=== meetingology changed the topic of #ubuntu-meeting to: Highlighted packages
[16:47] <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
[16:47] <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
[16:47] <tyhicks> [TOPIC] Miscellaneous and Questions
=== meetingology changed the topic of #ubuntu-meeting to: Miscellaneous and Questions
[16:47] <tyhicks> Does anyone have any other questions or items to discuss?
[16:49] <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff: Thanks!
[16:50] <sarnold> thanks tyhicks!
[16:50] <ratliff> thanks tyhicks!
[16:50] <sbeattie> tyhicks: thanks!
[16:51] <mdeslaur> thanks tyhicks
[16:54] <jjohansen> thanks tyhicks
[16:58] <jdstrand> tyhicks: thanks!
[19:00] <rbasak> Who's here?
[19:00] <rbasak> I have a hard stop in about an hour (depends on how long a drive somewhere will be).
[19:01] <cyphermox> I'm here.
[19:01] <chiluk> hey cyphermox
[19:03] <sil2100> Who's driving the meeting?
[19:03] <chiluk> bdmurray ?? dmb meeting?
[19:03] <sil2100> The agenda mentions Adam
[19:04] <sil2100> chiluk: bdmurray won't be around sadly
[19:04] <rbasak> It's been stuck at Adam for a long time :-/
[19:05] <rbasak> I'd prefer not to chair today please. Too many distractions here right now, and note my hard stop above.
[19:05] <sil2100> I was chairing the last meeting, the additional one we had because of the holidays
[19:05] <sil2100> But still, we miss one person...
[19:06] <chiluk> infinity shows away as well
[19:07] <chiluk> can't we just use his absence as passive consent?
[19:07] <chiluk> there's really no way infinity would admit that I'm coredev material... then again, I'm not sure if he'd say that about most coredevs.
[19:07] <sil2100> hah ;)
[19:07] <rbasak> It is possible to hold a meeting and leave it to the ML to make a vote quorate.
[19:07] <chiluk> I'm fine with that.
[19:08] <sil2100> Yeah, I guess if we won't get quorum I'm +1 on continuing that on the ML
[19:08] <sil2100> Since we can't postpone this forever
[19:08] <chiluk> yeah it's been almost 2 months now.
[19:08] <chiluk> well since I was put on the agenda.
[19:08] <sil2100> We'll just have to make sure that the vote continues on the ML, since those tend to take a very long time as well if left as-is
[19:08] <rbasak> Is the sponsorship miner down?
[19:09] <rbasak> There is https://launchpad.net/~chiluk/+uploaded-packages
[19:09] <rbasak> Which should be a subset I think.
[19:09] <sil2100> It works for me
[19:09] <chiluk> is more complete
[19:10] <rbasak> Hmm, working now.
[19:10] <chiluk> but still not complete.
[19:10] <sil2100> cyphermox: can you chair? We could do as per rbasak's proposition - start the candidate review here and finish on the ML
[19:13] <sil2100> Ok then, I'll chair again in this case
[19:13] <sil2100> Need a minute though
[19:13] <sil2100> #startmeeting DMB meeting
[19:14] <sil2100> #topic Review of previous action items
[19:14] <sil2100> rbasak to get mapreri's PPU additions done by the TB (carried over) <- is it still in progress?
[19:15] <rbasak> I've not managed to address anything for the DMB yet this year - sorry. I believe it's still in progress.
[19:15] <rbasak> IIRC, the TB did do something for us. I need to find out where it is.
[19:16] <sil2100> Ok, so I guess the other one is carried over as well
[19:16] <sil2100> Let's skip to the next point then
[19:16] <sil2100> #topic Package Set/Per Package Uploader Applications
=== meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology | DMB meeting | Current topic: Package Set/Per Package Uploader Applications
[19:16] <sil2100> I see we still have David's application on the agenda
[19:17] <sil2100> Does anyone know if the vote for that got finalized on the ML?
[19:17] <sil2100> I at least don't remember getting the rest of the votes for that one
[19:17] <rbasak> I don't remember seeing any further votes on that.
[19:18] <rbasak> Yeah, no replies AFAICS.
[19:18] <mapreri> rbasak, sil2100: ISTR my PPU addition also required voting.
[19:18] <mapreri> when did those happen?
[19:19] <sil2100> I don't think single additions require a vote, right?
[19:19] <sil2100> Just one DMB member, if he decides it's fitting, can do the permission changes - or am I wrong?
[19:19] <rbasak> I think (and said) otherwise.
[19:20] <rbasak> AFAIK, a packageset addition can be done by one DMB member verifying that the proposed new package meets the packageset criteria in the description.
[19:20] <rbasak> But I'm not aware of anything like that for PPU.
[19:20] <sil2100> Ah, indeed
[19:20] <sil2100> You might be right
[19:20] <mapreri> Yeah, I'm reporting due to what rbasak told me privately, given that I completely fail at finding a thorough description of DMB workflows :)
[19:20] <rbasak> There may be a policy I don't recall or never read about.
[19:20] <rbasak> All I know is https://wiki.ubuntu.com/DeveloperMembershipBoard/KnowledgeBase
[19:21] <rbasak> But, I think a vote for mapreri should be straightforward.
[19:21] <mapreri> oh, consider that I'm DD requiring PPU for a package I maintain, that might streamline the process for this particular case.
[19:22] <sil2100> Should we vote? We don't have a quorum so it'd have to go through the ML as well
[19:22] <chiluk> if only I had a vote I'd vote for you mapreri.
[19:22] <rbasak> Do we have a list of what mapreri can already upload?
[19:23] <mapreri> rbasak: pbuilder and libreoffice-dictionaries are in my PPU list from main; then I'm also MOTU.
[19:23] <mapreri> chiluk: :)
[19:23] <rbasak> mapreri: how long have you had those?
[19:23] <mapreri> rbasak: iirc early December 2016
[19:24] <rbasak> Ah, OK.
[19:24] <sil2100> Archive Upload Rights for mapreri: archive 'primary', source package 'pbuilder'
[19:24] <sil2100> Archive Upload Rights for mapreri: archive 'primary', source package 'libreoffice-dictionaries'Archive Upload Rights for mapreri: archive 'primary', source package 'pbuilder'
[19:24] <rbasak> mapreri: how long have you been maintaining inkscape in Debian?
[19:24] <mapreri> rbasak: yeah, recently.
[19:24] <sil2100> Uh, double-paste I guess
[19:24] <mapreri> some time 2015 i think
[19:25] <mapreri> my first thing in the changelog is 2014
[19:25] <rbasak> I'm ready to vote then. Shame we don't have quorum :-/
[19:25] <rbasak> (but we can do a partial vote now and try to finish it on the ML later)
[19:25] <sil2100> Yeah, let's vote, I'll push the rest to the ML
[19:25] <mapreri> rbasak: (if it's still interesting)  [ Mattia Rizzolo ]\n  * debian/control: add myself to Uploaders => Apr 2015
[19:25] <sil2100> #vote for mapreri to gain additional PPU rights for inkscape
[19:25] <meetingology> Please vote on: for mapreri to gain additional PPU rights for inkscape
[19:25] <meetingology> Public votes can be registered by saying +1, +0 or -1 in channel, (for private voting, private message me with 'vote +1/-1/+0 #channelname)
[19:26] <meetingology> +1 received from sil2100
[19:26] <meetingology> +1 received from rbasak
[19:26] <sil2100> cyphermox: you still around?
[19:28] <chiluk> sil2100: rbasak from KB "DDs who are PPU through the normal process can apply by email to have their access extended to further packages they (or a team they are a member of) maintain. This only requires one DMB member to agree in order to pass."
[19:28] <meetingology> Voting ended on: for mapreri to gain additional PPU rights for inkscape
[19:28] <meetingology> Votes for:3 Votes against:0 Abstentions:0
[19:28] <meetingology> Motion carried
[19:28] <chiluk> sounds like it's a pass  mapreri
[19:28] <rbasak> OK, done then. Sorry mapreri, I could have just done it when you first asked.
[19:29] <mapreri> Oh.  Well, guess all learned something today :)
[19:29] <sil2100> Should I add an action item for each of us to look through the KB again? ;)
[19:30] <chiluk> it's all the way at the bottom.. no one reads that far.
[19:30] <sil2100> Anyway, let's continue
[19:30] <mapreri> Thank you, anyway!
[19:30] <sil2100> mapreri: you're welcome!
[19:30] <sil2100> rbasak: will you handle that?
[19:30] <rbasak> Does someone want to take an action to sort that with the TB?
[19:30] <sil2100> Thanks :)
[19:30] <sil2100> #topic Ubuntu Core Developer Applications
=== meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds: Please leave swords by the door | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendars | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology | DMB meeting | Current topic: Ubuntu Core Developer Applications
[19:31] <cyphermox> sorry, i was on the phone
[19:31] <sil2100> #subtopic Dave Chiluk
[19:31] <sil2100> chiluk: could you introduce yourself?
[19:31] <chiluk> I've been working for Canonical as a Sustaining engineer for the last 4 years fixing Ubuntu advantage customer issues.
[19:32] <chiluk> many of which don't result in uploads.
[19:32] <chiluk> I've had a LP id since 2008, and I think I started with Ubuntu in 06..
[19:32] <chiluk> so it's been a while.
[19:32] <chiluk> I mostly fix packages in main, hence the Coredev app instead of MOTU.
[19:33] <chiluk> and I also mostly do SRU's and not development uploads.
[19:33] <chiluk> actually probably 80% of my uploads are SRUs.
[19:33] <chiluk> which makes getting fixes out a real bear..
[19:34] <chiluk> since I currently need two other devs to approve any of my fixes.
[19:34] <chiluk> I think that's most of it.
[19:34] <rbasak> Two questions: 1) what are your goals with respect to upload rights; and 2) is not having core dev blocking you at the moment, apart from uploading SRUs, and if so, how?
[19:35] <rbasak> IOW, are you asking for core dev just to fix the SRU problem?
[19:35] <chiluk> rbasak: 1) I'd like upload rights so I no longer have to harass existing core devs.
[19:36] <chiluk> 2.) it is blocking me at the moment. https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1655225
[19:36] <ubottu> Launchpad bug 1655225 in qemu (Ubuntu) "Under heavy load qemu hits bdrv_error_action: Assertion `error >= 0' failed" [Medium,New]
[19:36] <chiluk> is a good example
[19:36] <chiluk> mostly I feel that me not having core dev puts an undue burden on the other core devs in the U.S. Timezones.
[19:37] <chiluk> as I'm part of a larger team with few core devs.
[19:37] <rbasak> Are you familiar with the conversation with - slashd I think?
[19:37] <chiluk> rbasak I am.
[19:38] <chiluk> and rbasak I'm not sure if that would be useful.
[19:38] <rbasak> I'm sorry I haven't addressed that yet.
[19:38] <rbasak> But I am interested in your opinion. Please go on.
[19:38] <chiluk> rbasak, I'm also TIL on a few packages ..
[19:38] <rbasak> (I'm sorry I have to run in 20 minutes, otherwise I'd chat for longer right now)
[19:38] <chiluk> rbasak, also I'm not sure if having SRU only upload is even possible given the structure of teams in LP.
[19:39] <chiluk> I do like the general idea, but I don't think it's doable given the current structure of development in Ubuntu.
[19:39] <chiluk> unless there's something that LP can do that I'm not aware of.
[19:40] <rbasak> My concern is that based on your application I feel that your experience is quite narrow. I would like to hear what others think of this kind of case. I appreciate the pain and I want to fix that. But does that mean it's appropriate to change ACLs bits to wide open?
[19:41] <sil2100> chiluk: I have a question regarding a recent discussion I saw on #ubuntu-devel - it seems one of your merges didn't have a correct changelog, right?
[19:41] <rbasak> I'm really quite torn, and I think the answer to that question is bigger than just me or a few people on the DMB.
[19:41] <chiluk> sil2100: yes that is correct.
[19:41] <sil2100> chiluk: why was that? Did you put non-remaining changes into the 'remaining changes' part by mistake?
[19:41] <rbasak> And I'm interested to hear what some really-long-time Ubuntu devs think.
[19:41] <sil2100> (like, new changes)
[19:42] <chiluk> sil2100: it was a merge I did this morning that I was TIL on.  and yes it was a mistake... the change still existed, but it had been merged into debian..
[19:42] <sil2100> Ah, ok
[19:43] <chiluk> sil2100: I also do my best to get the corresponding dd or previous UCD to do the upload... which is part of the reason slangasek caught that one.
[19:44] <chiluk> rbasak what other things do you think I need to broaden my experience?
[19:45] <chiluk> I guess another reason I'd like to get coredev is so that I can manage series tracks in bugs.
[19:46] <chiluk> I think there's another team for that, but coredev is definitely included in that group.
[19:47] <chiluk> excuse me for a sec, but I need to make sure my dog is not being eaten by a coyote.
[19:47] <cyphermox> well, everyone makes mistakes in changelogs every once in a while, or in merging anyway. I usually first go through making changelog and then ripping things out if it shows that they are in fact merged or no longer required
[19:48] <sil2100> chiluk: during your work on packages, did you have a lot of experience with dealing with autopkgtests, proposed migration and the like?
[19:48] <rbasak> chiluk: I think if I were to filter SRUs out of your endorsements and your sponsored uploads, it would be a bit thin. I'm not sure we'd give core dev to a hypothetical applicant with that application.
[19:48] <rbasak> Now, it may be that Ubuntu devs say "yes but that's fine", and that's an open question that I'm not sure about.
[19:48] <rbasak> I intend to prioritise getting that thread started about this.
[19:50] <chiluk> sil2100: I did have to deal with autopkgtest failures with my core-utils upload, and possibly a few others.
[19:50] <chiluk> but there are only a few.
[19:50] <sil2100> chiluk: did you always make sure that the packages that were sponsored for you made it to the release pocket?
[19:51] <chiluk> that's part of our team's process.
[19:51] <rbasak> I need to run very soon.
[19:51] <chiluk> we don't close our customer cases, until our package uploads hit the -updates archives.
[19:51] <sil2100> Ok, I had one more question, but rbasak maybe you want me to start the vote now?
[19:51] <chiluk> rbasak, additionally we are usually the first to do verification on the uploads as well..
[19:52] <rbasak> I would like to defer my vote for now, pending any outcome of the thread. I'm sorry I have not followed up on that yet. I will prioritise doing that.
[19:52] <rbasak> Especially now that there are two blocked on it.
[19:52] <rbasak> I'm sorry for the pain and I really want to unblock you, but I also feel that it's a bigger issue that we should resolve, and that it's important for us to be consistent.
[19:52] <sil2100> In this case what I would propose is to take the vote to the mailing list in that case
[19:52] <chiluk> rbasak: completely understood.
[19:53] <chiluk> I just feel this is the next logical step for me to become more efficient.. and for the rest of the team to be more efficient by not having to micro-manage my uploads.
[19:53] <sil2100> There everyone will be able to think his decision through
[19:53] <sil2100> chiluk: ok, one semi-technical question - let's say you work on a package (or maybe sponsor some upload for someone) where you add a new binary dependency to a package
[19:53] <rbasak> chiluk: to be clear, I'd be happy with you uploading SRUs without a sponsor.
[19:54] <rbasak> Based on your application.
[19:54] <rbasak> I'm just not sure that core dev is the right step, and that's what I'd like wider opinion on.
[19:54] <chiluk> thanks rbasak
[19:54] <sil2100> chiluk: what would be the first few things you'd need to check in such a case?
[19:54] <rbasak> I'm going to run as I need to be somewhere.
[19:54] <sil2100> rbasak: see you o/
[19:54] <rbasak> Sorry I couldn't help more today.
[19:55] <chiluk> sil2100: add to debian/control, check for additional dependencies, then check for other packages that depend on the package I changed...
[19:55] <chiluk> manifest for iso's may need to change as well.
[19:55] <chiluk> also rebuilding may be necessary for all related packages
[19:55] <chiluk> depending on the change.
[19:55] <sil2100> chiluk: ok, now let's say the package you work on is in main - does that opt for some additional change?
[19:55] <sil2100> I mean, additional check?
[19:56] <chiluk> yes.. if the dependency is in universe
[19:56] <sil2100> That's what I wanted to hear
[19:56] <chiluk> that universe package may have to be pulled into main as well...
[19:56] <chiluk> I haven't had to do that yet.
[19:56] <chiluk> but I'm aware of the restrictions related to it.
[19:56] <sil2100> It very frequently happens with packages that Canonical is upstream for
[19:57] <chiluk> fortunately I will rarely be the uploader for those.
[19:57] <sil2100> Ok, those are all questions from me
[19:57] <sil2100> cyphermox: any questions?
[19:57] <sil2100> If not, I guess let's move this to a mailing thread and do the vote there
[19:57] <chiluk> I'm ok with that.
[19:57] <chiluk> infinity can reject me there.
[19:58] <chiluk> because infinity.
[19:58] <sil2100> Noo, Adam's not like that!
[19:58] <sil2100> He's a good guy, really
[19:58] <sil2100> For realz
[19:58] <sil2100> Anyway, thanks for showing up and sorry for not being able to sort it out here
[19:58] <chiluk> sil2100: i know... I just like to give him crap.
[19:59] <sil2100> I'll send out the e-mail in a bit
[19:59] <sil2100> Thanks everyone!
<chiluk> thanks sil2100, rbasak, cyphermox...

